from the reasonably-so dept

We recently wrote about Microsoft going to court and convincing a judge to (with no adversarial hearing) allow it to seize a bunch of domain names from No-IP, redirecting all traffic to them through Microsoft's own servers. Those servers quickly encountered problems, meaning that many people who relied on No-IP's dynamic DNS system found that they couldn't access their sites. Microsoft later blamed this on a "technical error" but it still appeared that the seizure effort was a gross abuse of the legal process. Remember, in the lawsuit that allowed Microsoft to seize the domains, it had claimed that No-IP parent Vitalwerks had been breaking the law.

Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks’ services.

Microsoft identified malware that had escaped Vitalwerks’ detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware.

In the process of redirecting traffic to its servers for malware detection, Microsoft acknowledges that a number of Vitalwerks customers were impacted by service outages as a result of a technical error. Microsoft regrets any inconvenience these customers may have experienced.

No-IP for its part has also put out a more detailed explanation for how all of this happened. It's worth reading. It also takes apart a number of Microsoft's claims, including the company's claim that, prior to returning the domains, it had "fixed" the problems people were having accessing their sites. No-IP reiterates that if Microsoft had just contacted the company first, it would have taken down the abusive customers. Clearly, even though the situation was settled, No-IP is reasonably upset that it happened in the first place:

While we are extremely pleased with the settlement terms, we are outraged by Microsoft’s tactics and that we were not able to completely and immediately restore services to the majority of our valuable customers that had been affected.

At No-IP, we are firm believers that the Internet should be free and open. We will continue to fight for the rights of our users and our business. Moving forward, we have provisioned a solution that will reduce the risk of domain seizures.

Later it notes:

We hope that Microsoft learned a lesson from this debacle and that in the future they will not seize other companies' domains and will use appropriate channels to report abuse.

from the not-so-sure-that's-true... dept

Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company's fraud and abuse team would have cut off those malware providers.

A little while ago, Microsoft PR emailed over the following, somewhat questionable claim from David Finn, the company's Executive Director and Associate General Counsel, Digital Crimes Unit, in which he claims that all of that collateral damage was merely a "technical error" and it's all good now:

“Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”

I'm sorry, but that excuse just doesn't cut it, given the legal documents that we posted, which clearly showed that Microsoft made No-IP's parent company, Vitalwerks, out to be a part of a criminal conspiracy. The judge specifically said:

There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations of the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft’s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:

a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft’s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft’s customers, and the general public.

That's not a "technical error." That's Microsoft blatantly making an extreme claim that convinced a judge to hand over a whole bunch of domain names without any kind of due process or adversarial hearing. While Microsoft may have then had a technical error on top of that, what kicked this off was a very, very big legal error.

from the breaking-the-internet dept

Microsoft posted a somewhat self-congratulatory blog post yesterday about how it was taking on a "global cybercrime epidemic" and effectively targeting systems used by malware. Of course, part of the details were that Microsoft totally misrepresented the nature of No-IP and how dynamic DNS solutions work. No-IP's parent company, Vitalwerks Solutions, was painted by Microsoft as being something of an accomplice to the malware epidemic, allowing Microsoft to convince a judge to seize a bunch of very popular No-IP domains without any notice or immediate recourse. Microsoft claims that it's just stopping malware, but the collateral damage from grabbing those domains is immense. According to No-IP:

Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.

We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.

As No-IP further notes, Microsoft could have easily contacted them, and the company would have taken action:

Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.

Vitalwerks and No-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one.

Except, instead, it appears that Microsoft went to court (secretly, without telling Vitalwerks/No-IP) and convinced the judge that the company itself was violating the law. And the court bought it:

There is good cause to believe that, unless the Defendant Vitalwerks is restrained and enjoined by Order of this Court, immediate and irreparable harm will result from its ongoing violations of the Anti-Cybersquatting Consumer Protection Act (15 U.S.C. § 1125) and the common law of negligence. The evidence set forth in Microsoft’s TRO Motion, and the accompanying declarations and exhibits, demonstrate that Microsoft is likely to prevail on its claim that this Defendant has engaged in violations of the foregoing laws through one or more of the following:

a. Leasing to Malware Defendants No-IP sub-domains containing Microsoft’s protected marks; and
b. Negligently enabling Malware Defendants to participate in illegal acts, and failing to take sufficiently corrective action to stop and prevent the abuse of its services, all of which harms Microsoft, Microsoft’s customers, and the general public.

Given the nature of the ex-parte proceedings (held without Vitalwerks being able to present its side of the story), Microsoft was able to paint a platform provider (which has a full anti-abuse program) as somehow liable for the actions of its users. This flies in the face of a variety of laws and caselaw on secondary liability, which protect the service provider from being held liable for abusive behavior by its users. Yet here, not only did the court ignore all of that, it simply flat out handed over to Microsoft a whole bunch of No-IP's domains (which, clearly, Microsoft was unable to handle), bringing down a big chunk of the web that relied on No-IP's dynamic DNS services.

This seems like a tremendously dangerous move for the internet in a variety of ways. Microsoft needs to take some of the blame. Even if its goal was to stop malware proliferation, there are better ways to do that than to falsely blame No-IP, and to misleadingly represent the service to the court, allowing the domains to be seized and rerouted.